BGP ASPATH parsing error #211

Open
jack8daniels2 opened this issue Aug 12, 2015 · 2 comments

@jack8daniels2

dpkt fails to parse the following BGP update packet.

BGP4MPMessage_32(src_as=3303, src_ip=3653261618, dst_as=6447, dst_ip=2162111334, data='\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00n\x02\x00\x00\x007@\x01\x01\x02@\x02\x16\x02\x05\x00\x00\x0c\xe7\x00\x00\x00\xd1\x00\x00\x02\xd1\x00\x00i\xba\x00\x00\x02\x87@\x03\x04\xd9\xc0Y2\xc0\x08\x10\x0c\xe7\x03\xec\x0c\xe7\x03\xed\x0c\xe7\x0b\xf8\x0c\xe7 \x07\x18\xcdA\x9d\x18\xcdGd\x18\xcdGe\x18\xcdGg\x18\xcdGh\x18\xcdGi\x18\xcdGj\x18\xcdH\xdf')

This packet was gathered from route views, so it is a valid packet.
It fails with the following exception -
WARNING Parsing exception invalid ASPathSegment: '\x02\xd1\x00\x00i\xba\x00\x00\x02\x87'

From my debugging efforts, I see that type = \x02 and len = \xd1 which is much longer than the buffer length.

I'd appreciate a fix or any ideas that I can pursue to find a fix (that I'll contribute back to the repo).

@jack8daniels2
Author

The aforementioned packet has the Attribute AS_PATH (0x2), which I believe should be encoded AS with 2 octets (old standard) or 4 octets (new standard). New BGP speakers can judge that based on 'capability' advertised by the peer during the OPEN handshake and/or AS4PATH attribute. RFC

dpkt assumes 2 octets and errors out when it is not.
https://github.com/kbandla/dpkt/blob/master/dpkt/bgp.py#L415

But, other parsers are parsing this packet 'correctly' by decoding AS as 4 octets. I am not sure how.

Source of this packet is routeviews
There are other update packets in the same archive, with AS_PATH attribute with 2 octet AS as well.

BGP4MPMessage(src_as=2905, src_ip=3288820469, dst_as=6447, dst_ip=2162111334, data='\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00:\x02\x00\x00\x00\x1b@\x01\x01\x00@\x02\x06\x02\x02\x0bY\x91;@\x03\x04\xc4\x07j\xf5\x80\x04\x04\x00\x00\x00\x00\x16\xc4\x0b\xc0\x18\xc4\x0b\xc4')

I can't figure out how other parsers are parsing both of these packets correctly (without knowing the capabilities of the sender or AS4_PATH). Any ideas would be much appreciated.
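
The following is an added example, not part of the original thread and not dpkt's code: a bounds-checked AS_PATH decoder that tries both AS widths and keeps only the widths whose segments consume the attribute exactly. It is run on the AS_PATH values copied from the two packets above; the function and constant names are hypothetical, and treating "exact fit" as the deciding signal is an assumption of this sketch, not a claim about how other parsers work.

```python
import struct

SEGMENT_TYPES = {1: 'AS_SET', 2: 'AS_SEQUENCE',
                 3: 'AS_CONFED_SEQUENCE', 4: 'AS_CONFED_SET'}

# AS_PATH attribute values copied from the two packets quoted in this issue
# (the bytes following the attribute headers "@\x02\x16" and "@\x02\x06").
PKT1_AS_PATH = (b'\x02\x05\x00\x00\x0c\xe7\x00\x00\x00\xd1\x00\x00\x02\xd1'
                b'\x00\x00i\xba\x00\x00\x02\x87')
PKT2_AS_PATH = b'\x02\x02\x0bY\x91;'


def parse_as_path(buf, as_len):
    """Decode an AS_PATH value using as_len-octet AS numbers (2 or 4).

    Returns [(segment_type, [asn, ...]), ...]; raises ValueError when a
    segment is malformed or claims more data than the attribute holds.
    """
    code = {2: 'H', 4: 'I'}[as_len]
    segments, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError('truncated segment header at offset %d' % off)
        seg_type, count = buf[off], buf[off + 1]
        off += 2
        end = off + count * as_len
        if seg_type not in SEGMENT_TYPES:
            raise ValueError('unknown segment type %d' % seg_type)
        if count == 0 or end > len(buf):
            raise ValueError('segment of %d ASNs does not fit' % count)
        asns = struct.unpack('>%d%s' % (count, code), buf[off:end])
        segments.append((seg_type, list(asns)))
        off = end
    return segments


def guess_as_path(buf):
    """Try both widths; return {as_len: segments} for every width that
    parses cleanly. Two entries mean the bytes alone are ambiguous."""
    result = {}
    for as_len in (2, 4):
        try:
            result[as_len] = parse_as_path(buf, as_len)
        except ValueError:
            pass
    return result


if __name__ == '__main__':
    print(guess_as_path(PKT1_AS_PATH))
    print(guess_as_path(PKT2_AS_PATH))
```

When both widths parse, the bytes cannot settle the question, and the width has to come from outside the attribute, such as the capability exchanged in OPEN that the comment mentions.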

@sunhao2014
Collaborator

Hi @jack8daniels2, thanks for sharing your problem and providing so many details during the hacking and debugging process. Actually we are now working on solving the issues and trying to solve as many as possible before releasing dpkt 2.0. I think I would investigate this issue later and talk about my thoughts on this issue with you and other contributors of dpkt. Please wait patiently and stay tuned on our project. Thanks.
